On 2020-09-21 11:17, Tom Eastep wrote:
> Okay -- you can then install Shorewall (or Shorewall-lite) on the RPi
> and use Multi-ISP there, or you can roll your own using iptables and
> ip.
>
> The way that Shorewall would handle this roughly:
>
> 1. Add a routing rule at priority 1000 that sends all traffic to the
>    main table.
> 2. Delete the rule at priority 32766 that sends all traffic to the main
>    table.
> 3. Add a route in table 1 that reflects the default route through tun0
>    (e.g., ip route add default [ via <gateway> ] dev tun0 table 1)
> 4. Add a route in table 2 that reflects the default route through eth0.
> 5. Add a rule at priority 2000 that sends packets with mark one to
>    table 1.
> 6. Add a rule at priority 2001 that sends packets with mark two to
>    table 2.
> 7. In mangle PREROUTING:
>    a. If the connection mark is non-zero, set the packet mark to the
>       connection mark.
>    b. If the packet mark is non-zero, ACCEPT
>    c. If the in interface is tun0, set the packet mark to 1
>    d. If the in interface is eth0, set the packet mark to 2.
>    e. If the packet mark is non-zero, set the connection mark to the
>       packet mark.
> 8. In the default table (253), add a route that reflects the default
>    route through tun0.
> 9. Delete any default routes from the main table.
>
> -Tom

Ok, I will read this 50+ more times and continue on my path of reading
more about packet marks and understanding what is going on there.
I appreciate you taking the time to look at this and offer your
suggestions.
Thank You.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
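
The steps listed in the quoted message, written out as `ip` and `iptables` commands. This is an added example, not part of the original thread and not the script Shorewall generates. The interface names come from the thread; the eth0 gateway `192.0.2.1`, the variable names and the function names are assumptions. By default it only prints the commands.

```shell
#!/bin/sh
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes them (needs root).
DRY_RUN="${DRY_RUN:-1}"
VPN_IF="${VPN_IF:-tun0}"        # interface names as used in the thread
LAN_IF="${LAN_IF:-eth0}"
VPN_GW="${VPN_GW:-}"            # optional: a point-to-point tunnel needs no "via"
LAN_GW="${LAN_GW:-192.0.2.1}"   # assumed placeholder gateway, replace with yours

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

multi_isp_setup() {
    via=""; [ -z "$VPN_GW" ] || via="via $VPN_GW"
    # Steps 1-2: consult main at priority 1000, drop the stock rule at 32766.
    run ip rule add priority 1000 from all lookup main
    run ip rule del priority 32766
    # Steps 3-4: one default route per provider table.
    run ip route add default $via dev "$VPN_IF" table 1
    run ip route add default via "$LAN_GW" dev "$LAN_IF" table 2
    # Steps 5-6: packet mark selects the provider table.
    run ip rule add priority 2000 fwmark 1 lookup 1
    run ip rule add priority 2001 fwmark 2 lookup 2
    # Step 7a: restore the mark saved on an existing connection.
    run iptables -t mangle -A PREROUTING -m connmark ! --mark 0 -j CONNMARK --restore-mark
    # Step 7b: already-marked packets skip the interface rules.
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # Steps 7c-7d: new connections are marked by arrival interface.
    run iptables -t mangle -A PREROUTING -i "$VPN_IF" -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j MARK --set-mark 2
    # Step 7e: remember the mark so replies leave the way the request came in.
    run iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j CONNMARK --save-mark
    # Step 8: unmarked traffic falls through to table 253 and uses the tunnel.
    run ip route add default $via dev "$VPN_IF" table 253
    # Step 9: remove every default route from main (loop only when executing).
    if [ "$DRY_RUN" = 1 ]; then
        run ip route del default table main
    else
        while ip route del default table main 2>/dev/null; do :; done
    fi
}

multi_isp_setup
```

Compare the printed plan with `ip rule show` and `ip route show table all` before running with `DRY_RUN=0`, since steps 2 and 9 change how the host itself reaches the network.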